netbird/management/server/idp/azure_test.go

package idp

import (
	"context"
	"fmt"
	"testing"
	"time"

	"github.com/stretchr/testify/assert"
)

func TestAzureJwtStillValid(t *testing.T) {
	type jwtStillValidTest struct {
		name           string
		inputTime      time.Time
		expectedResult bool
		message        string
	}

	jwtStillValidTestCase1 := jwtStillValidTest{
		name:           "JWT still valid",
		inputTime:      time.Now().Add(10 * time.Second),
		expectedResult: true,
		message:        "should be true",
	}
	jwtStillValidTestCase2 := jwtStillValidTest{
		name:           "JWT is invalid",
		inputTime:      time.Now(),
		expectedResult: false,
		message:        "should be false",
	}

	for _, testCase := range []jwtStillValidTest{jwtStillValidTestCase1, jwtStillValidTestCase2} {
		t.Run(testCase.name, func(t *testing.T) {
			config := AzureClientConfig{}

			creds := AzureCredentials{
				clientConfig: config,
			}
			creds.jwtToken.expiresInTime = testCase.inputTime

			assert.Equalf(t, testCase.expectedResult, creds.jwtStillValid(), testCase.message)
		})
	}
}

func TestAzureAuthenticate(t *testing.T) {
	type authenticateTest struct {
		name                    string
		inputCode               int
		inputResBody            string
		inputExpireToken        time.Time
		helper                  ManagerHelper
		expectedFuncExitErrDiff error
		expectedCode            int
		expectedToken           string
	}
	exp := 5
	token := newTestJWT(t, exp)

	authenticateTestCase1 := authenticateTest{
		name:                    "Get Cached token",
		inputExpireToken:        time.Now().Add(30 * time.Second),
		helper:                  JsonParser{},
		expectedFuncExitErrDiff: nil,
		expectedCode:            200,
		expectedToken:           "",
	}

	authenticateTestCase2 := authenticateTest{
		name:          "Get Good JWT Response",
		inputCode:     200,
		inputResBody:  fmt.Sprintf("{\"access_token\":\"%s\",\"scope\":\"read:users\",\"expires_in\":%d,\"token_type\":\"Bearer\"}", token, exp),
		helper:        JsonParser{},
		expectedCode:  200,
		expectedToken: token,
	}

	authenticateTestCase3 := authenticateTest{
		name:                    "Get Bad Status Code",
		inputCode:               400,
		inputResBody:            "{}",
		helper:                  JsonParser{},
		expectedFuncExitErrDiff: fmt.Errorf("unable to get azure token, statusCode 400"),
		expectedCode:            200,
		expectedToken:           "",
	}

	for _, testCase := range []authenticateTest{authenticateTestCase1, authenticateTestCase2, authenticateTestCase3} {
		t.Run(testCase.name, func(t *testing.T) {

			jwtReqClient := mockHTTPClient{
				resBody: testCase.inputResBody,
				code:    testCase.inputCode,
			}
			config := AzureClientConfig{}

			creds := AzureCredentials{
				clientConfig: config,
				httpClient:   &jwtReqClient,
				helper:       testCase.helper,
			}
			creds.jwtToken.expiresInTime = testCase.inputExpireToken

			_, err := creds.Authenticate(context.Background())
			if err != nil {
				if testCase.expectedFuncExitErrDiff != nil {
					assert.EqualError(t, err, testCase.expectedFuncExitErrDiff.Error(), "errors should be the same")
				} else {
					t.Fatal(err)
				}
			}

			assert.Equalf(t, testCase.expectedToken, creds.jwtToken.AccessToken, "two tokens should be the same")
		})
	}
}

func TestAzureProfile(t *testing.T) {
	type azureProfileTest struct {
		name             string
		invite           bool
		inputProfile     azureProfile
		expectedUserData UserData
	}

	azureProfileTestCase1 := azureProfileTest{
		name:   "Good Request",
		invite: false,
		inputProfile: azureProfile{
			"id":                "test1",
			"displayName":       "John Doe",
			"userPrincipalName": "test1@test.com",
		},
		expectedUserData: UserData{
			Email: "test1@test.com",
			Name:  "John Doe",
			ID:    "test1",
		},
	}

	azureProfileTestCase2 := azureProfileTest{
		name:   "Missing User ID",
		invite: true,
		inputProfile: azureProfile{
			"displayName":       "John Doe",
			"userPrincipalName": "test2@test.com",
		},
		expectedUserData: UserData{
			Email: "test2@test.com",
			Name:  "John Doe",
		},
	}

	azureProfileTestCase3 := azureProfileTest{
		name:   "Missing User Name",
		invite: false,
		inputProfile: azureProfile{
			"id":                "test3",
			"userPrincipalName": "test3@test.com",
		},
		expectedUserData: UserData{
			ID:    "test3",
			Email: "test3@test.com",
		},
	}

	for _, testCase := range []azureProfileTest{azureProfileTestCase1, azureProfileTestCase2, azureProfileTestCase3} {
		t.Run(testCase.name, func(t *testing.T) {
			testCase.expectedUserData.AppMetadata.WTPendingInvite = &testCase.invite
			userData := testCase.inputProfile.userData()

			assert.Equal(t, testCase.expectedUserData.ID, userData.ID, "User id should match")
			assert.Equal(t, testCase.expectedUserData.Email, userData.Email, "User email should match")
			assert.Equal(t, testCase.expectedUserData.Name, userData.Name, "User name should match")
		})
	}
}
Add Azure Idp Manager (#822) Added intergration with Azure IDP user API. Use the steps in azure-ad.md for configuration: https://github.com/netbirdio/docs/blob/cb03373f8feb9da0204606ab055fa9825f0f9a26/docs/integrations/identity-providers/self-hosted/azure-ad.md 2023-05-03 14:51:44 +02:00			`package idp`

			`import (`
Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com> 2024-07-03 11:33:02 +02:00			`"context"`
Add Azure Idp Manager (#822) Added intergration with Azure IDP user API. Use the steps in azure-ad.md for configuration: https://github.com/netbirdio/docs/blob/cb03373f8feb9da0204606ab055fa9825f0f9a26/docs/integrations/identity-providers/self-hosted/azure-ad.md 2023-05-03 14:51:44 +02:00			`"fmt"`
			`"testing"`
			`"time"`

			`"github.com/stretchr/testify/assert"`
			`)`

			`func TestAzureJwtStillValid(t *testing.T) {`
			`type jwtStillValidTest struct {`
			`name string`
			`inputTime time.Time`
			`expectedResult bool`
			`message string`
			`}`

			`jwtStillValidTestCase1 := jwtStillValidTest{`
			`name: "JWT still valid",`
			`inputTime: time.Now().Add(10 * time.Second),`
			`expectedResult: true,`
			`message: "should be true",`
			`}`
			`jwtStillValidTestCase2 := jwtStillValidTest{`
			`name: "JWT is invalid",`
			`inputTime: time.Now(),`
			`expectedResult: false,`
			`message: "should be false",`
			`}`

			`for _, testCase := range []jwtStillValidTest{jwtStillValidTestCase1, jwtStillValidTestCase2} {`
			`t.Run(testCase.name, func(t *testing.T) {`
			`config := AzureClientConfig{}`

			`creds := AzureCredentials{`
			`clientConfig: config,`
			`}`
			`creds.jwtToken.expiresInTime = testCase.inputTime`

			`assert.Equalf(t, testCase.expectedResult, creds.jwtStillValid(), testCase.message)`
			`})`
			`}`
			`}`

			`func TestAzureAuthenticate(t *testing.T) {`
			`type authenticateTest struct {`
			`name string`
			`inputCode int`
			`inputResBody string`
			`inputExpireToken time.Time`
			`helper ManagerHelper`
			`expectedFuncExitErrDiff error`
			`expectedCode int`
			`expectedToken string`
			`}`
			`exp := 5`
			`token := newTestJWT(t, exp)`

			`authenticateTestCase1 := authenticateTest{`
			`name: "Get Cached token",`
			`inputExpireToken: time.Now().Add(30 * time.Second),`
			`helper: JsonParser{},`
			`expectedFuncExitErrDiff: nil,`
			`expectedCode: 200,`
			`expectedToken: "",`
			`}`

			`authenticateTestCase2 := authenticateTest{`
			`name: "Get Good JWT Response",`
			`inputCode: 200,`
			`inputResBody: fmt.Sprintf("{\"access_token\":\"%s\",\"scope\":\"read:users\",\"expires_in\":%d,\"token_type\":\"Bearer\"}", token, exp),`
			`helper: JsonParser{},`
			`expectedCode: 200,`
			`expectedToken: token,`
			`}`

			`authenticateTestCase3 := authenticateTest{`
			`name: "Get Bad Status Code",`
			`inputCode: 400,`
			`inputResBody: "{}",`
			`helper: JsonParser{},`
			`expectedFuncExitErrDiff: fmt.Errorf("unable to get azure token, statusCode 400"),`
			`expectedCode: 200,`
			`expectedToken: "",`
			`}`

			`for _, testCase := range []authenticateTest{authenticateTestCase1, authenticateTestCase2, authenticateTestCase3} {`
			`t.Run(testCase.name, func(t *testing.T) {`

			`jwtReqClient := mockHTTPClient{`
			`resBody: testCase.inputResBody,`
			`code: testCase.inputCode,`
			`}`
			`config := AzureClientConfig{}`

			`creds := AzureCredentials{`
			`clientConfig: config,`
			`httpClient: &jwtReqClient,`
			`helper: testCase.helper,`
			`}`
			`creds.jwtToken.expiresInTime = testCase.inputExpireToken`

Add context to throughout the project and update logging (#2209) propagate context from all the API calls and log request ID, account ID and peer ID --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com> 2024-07-03 11:33:02 +02:00			`_, err := creds.Authenticate(context.Background())`
Add Azure Idp Manager (#822) Added intergration with Azure IDP user API. Use the steps in azure-ad.md for configuration: https://github.com/netbirdio/docs/blob/cb03373f8feb9da0204606ab055fa9825f0f9a26/docs/integrations/identity-providers/self-hosted/azure-ad.md 2023-05-03 14:51:44 +02:00			`if err != nil {`
			`if testCase.expectedFuncExitErrDiff != nil {`
			`assert.EqualError(t, err, testCase.expectedFuncExitErrDiff.Error(), "errors should be the same")`
			`} else {`
			`t.Fatal(err)`
			`}`
			`}`

			`assert.Equalf(t, testCase.expectedToken, creds.jwtToken.AccessToken, "two tokens should be the same")`
			`})`
			`}`
			`}`

			`func TestAzureProfile(t *testing.T) {`
			`type azureProfileTest struct {`
			`name string`
			`invite bool`
			`inputProfile azureProfile`
			`expectedUserData UserData`
			`}`

			`azureProfileTestCase1 := azureProfileTest{`
Optimize Cache and IDP Management (#1147) This pull request modifies the IdP and cache manager(s) to prevent the sending of app metadata to the upstream IDP on self-hosted instances. As a result, the IdP will now load all users from the IdP without filtering based on accountID. We disable user invites as the administrator's own IDP system manages them. 2023-10-03 16:40:28 +02:00			`name: "Good Request",`
			`invite: false,`
Add Azure Idp Manager (#822) Added intergration with Azure IDP user API. Use the steps in azure-ad.md for configuration: https://github.com/netbirdio/docs/blob/cb03373f8feb9da0204606ab055fa9825f0f9a26/docs/integrations/identity-providers/self-hosted/azure-ad.md 2023-05-03 14:51:44 +02:00			`inputProfile: azureProfile{`
			`"id": "test1",`
			`"displayName": "John Doe",`
			`"userPrincipalName": "test1@test.com",`
			`},`
			`expectedUserData: UserData{`
			`Email: "test1@test.com",`
			`Name: "John Doe",`
			`ID: "test1",`
			`},`
			`}`

			`azureProfileTestCase2 := azureProfileTest{`
Optimize Cache and IDP Management (#1147) This pull request modifies the IdP and cache manager(s) to prevent the sending of app metadata to the upstream IDP on self-hosted instances. As a result, the IdP will now load all users from the IdP without filtering based on accountID. We disable user invites as the administrator's own IDP system manages them. 2023-10-03 16:40:28 +02:00			`name: "Missing User ID",`
			`invite: true,`
Add Azure Idp Manager (#822) Added intergration with Azure IDP user API. Use the steps in azure-ad.md for configuration: https://github.com/netbirdio/docs/blob/cb03373f8feb9da0204606ab055fa9825f0f9a26/docs/integrations/identity-providers/self-hosted/azure-ad.md 2023-05-03 14:51:44 +02:00			`inputProfile: azureProfile{`
			`"displayName": "John Doe",`
			`"userPrincipalName": "test2@test.com",`
			`},`
			`expectedUserData: UserData{`
			`Email: "test2@test.com",`
			`Name: "John Doe",`
			`},`
			`}`

			`azureProfileTestCase3 := azureProfileTest{`
Optimize Cache and IDP Management (#1147) This pull request modifies the IdP and cache manager(s) to prevent the sending of app metadata to the upstream IDP on self-hosted instances. As a result, the IdP will now load all users from the IdP without filtering based on accountID. We disable user invites as the administrator's own IDP system manages them. 2023-10-03 16:40:28 +02:00			`name: "Missing User Name",`
			`invite: false,`
Add Azure Idp Manager (#822) Added intergration with Azure IDP user API. Use the steps in azure-ad.md for configuration: https://github.com/netbirdio/docs/blob/cb03373f8feb9da0204606ab055fa9825f0f9a26/docs/integrations/identity-providers/self-hosted/azure-ad.md 2023-05-03 14:51:44 +02:00			`inputProfile: azureProfile{`
			`"id": "test3",`
			`"userPrincipalName": "test3@test.com",`
			`},`
			`expectedUserData: UserData{`
			`ID: "test3",`
			`Email: "test3@test.com",`
			`},`
			`}`

Optimize Cache and IDP Management (#1147) This pull request modifies the IdP and cache manager(s) to prevent the sending of app metadata to the upstream IDP on self-hosted instances. As a result, the IdP will now load all users from the IdP without filtering based on accountID. We disable user invites as the administrator's own IDP system manages them. 2023-10-03 16:40:28 +02:00			`for _, testCase := range []azureProfileTest{azureProfileTestCase1, azureProfileTestCase2, azureProfileTestCase3} {`
Add Azure Idp Manager (#822) Added intergration with Azure IDP user API. Use the steps in azure-ad.md for configuration: https://github.com/netbirdio/docs/blob/cb03373f8feb9da0204606ab055fa9825f0f9a26/docs/integrations/identity-providers/self-hosted/azure-ad.md 2023-05-03 14:51:44 +02:00			`t.Run(testCase.name, func(t *testing.T) {`
			`testCase.expectedUserData.AppMetadata.WTPendingInvite = &testCase.invite`
Optimize Cache and IDP Management (#1147) This pull request modifies the IdP and cache manager(s) to prevent the sending of app metadata to the upstream IDP on self-hosted instances. As a result, the IdP will now load all users from the IdP without filtering based on accountID. We disable user invites as the administrator's own IDP system manages them. 2023-10-03 16:40:28 +02:00			`userData := testCase.inputProfile.userData()`
Add Azure Idp Manager (#822) Added intergration with Azure IDP user API. Use the steps in azure-ad.md for configuration: https://github.com/netbirdio/docs/blob/cb03373f8feb9da0204606ab055fa9825f0f9a26/docs/integrations/identity-providers/self-hosted/azure-ad.md 2023-05-03 14:51:44 +02:00
			`assert.Equal(t, testCase.expectedUserData.ID, userData.ID, "User id should match")`
			`assert.Equal(t, testCase.expectedUserData.Email, userData.Email, "User email should match")`
			`assert.Equal(t, testCase.expectedUserData.Name, userData.Name, "User name should match")`
			`})`
			`}`
			`}`